Trying to create a DMZ to put a web server in. I have OPNsense running on a dedicated server in a Hyper-V VM and have configured 3 interfaces: one LAN, one WAN and one DMZ. I've set up block rules to stop traffic crossing from the DMZ to the LAN and vice versa, then added a port forward rule to send all ports/protocols to the web server host in the DMZ.
1) Is my approach right? It seems to work and my DMZ machine can see/be seen from the net.
2) FTP is broken; I get a connection and a login, but it fails to list the directory. If I put another VM in the DMZ it works, so it's definitely OPNsense! It happens with plain FTP and TLS.
Thanks!
FTP requires the FTP proxy plug-in and plaintext. Otherwise OPNsense cannot forward your traffic to the right machine.
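An added example, not part of the thread and not OPNsense's or the plug-in's code: a sketch of why an FTP-aware helper needs a plaintext control channel, assuming the failed listing is the usual passive-mode case where the server announces its data address and port in a 227 reply. The addresses, the `handle_server_reply` helper and the `forwards` table are constructed for illustration.

```python
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2
PASV_RE = re.compile(r"^227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

# Constructed sample values (not from the thread)
DMZ_REPLY = "227 Entering Passive Mode (192,168,50,10,195,80)"
WAN_IP = "203.0.113.5"

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None for any other line."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: do not act on it
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def handle_server_reply(line, wan_ip, forwards, encrypted=False):
    """Model of what a control-channel helper can do with one server reply.

    forwards maps WAN port -> (dmz_ip, dmz_port) for the expected data connection.
    """
    if encrypted:
        # With FTP over TLS the helper only sees ciphertext: nothing to parse,
        # so the client receives the private DMZ address unchanged.
        return line
    endpoint = parse_pasv(line)
    if endpoint is None:
        return line  # not a passive reply, pass through untouched
    dmz_ip, dmz_port = endpoint
    # Hypothetical policy: reuse the same port number on the WAN side.
    forwards[dmz_port] = (dmz_ip, dmz_port)
    public = wan_ip.replace(".", ",")
    return f"227 Entering Passive Mode ({public},{dmz_port // 256},{dmz_port % 256})"

if __name__ == "__main__":
    table = {}
    print(handle_server_reply(DMZ_REPLY, WAN_IP, table), table)
    print(handle_server_reply(DMZ_REPLY, WAN_IP, {}, encrypted=True))
```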
OK thanks - much appreciated. Will post back if further difficulties!
Works great - thanks!